OpenPGP Key Transition


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Date: 6 November 2020

OpenPGP Key Transition Statement for Robin Frousheger

I have created a new OpenPGP key and will be transitioning away from my
old key. The old key has not been compromised but has been set to
expire soon. All future correspondence should be encrypted to the new
key, and will be making signatures with the new key going forward.

The old key was:

pub   rsa4096/0xA3BB33F1D10E00CA 2015-03-18
      Key fingerprint = 090D 0FFB BD28 176A E975  414B A3BB 33F1 D10E 00CA

The new key is:

pub   nistp521/0xC9E2B560F00859EF 2020-10-28
      Key fingerprint = 2E17 305E 1F89 3819 B7FF  9F63 C9E2 B560 F008 59EF

To fetch the full key from a public key server, you can simply do:

  gpg --keyserver hkps.pool.sks-keyservers.net --recv-key '2E17 305E 1F89 3819 B7FF  9F63 C9E2 B560 F008 59EF'

Or direct download from my website:

  wget --quiet --output-document=- https://openpgpkey.froosh.net/2E17305E1F893819B7FF9F63C9E2B560F00859EF.asc | gpg --import

If you already know my old key, you can now verify that the new key is
signed by the old one:

  gpg --check-sigs '2E17 305E 1F89 3819 B7FF  9F63 C9E2 B560 F008 59EF'

If you don't already know my old key, or you just want to be double
extra paranoid, you can check the fingerprint against the one above:

  gpg --fingerprint '2E17 305E 1F89 3819 B7FF  9F63 C9E2 B560 F008 59EF'

The new key can also verified with Web Key Directory[0]

  gpg-wks-client --verbose --check robin@froosh.net

If you are satisfied that you've got the right key, and the UIDs match
what you expect, I'd appreciate it if you would sign my key. You can
do that by issuing the following command:

  gpg --sign-key '2E17 305E 1F89 3819 B7FF  9F63 C9E2 B560 F008 59EF'

I'd like to receive your signatures on my key. You can either send me
an e-mail with the new signatures (optionally encrypted):

  gpg --armor --export '2E17 305E 1F89 3819 B7FF  9F63 C9E2 B560 F008 59EF' > unencrypted.asc
  gpg --export '2E17 305E 1F89 3819 B7FF  9F63 C9E2 B560 F008 59EF' | gpg --armor --encrypt --recipient '2E17 305E 1F89 3819 B7FF  9F63 C9E2 B560 F008 59EF' > encrypted.asc

Or you can upload your signatures to a public keyserver directly:

  gpg --keyserver hkps.pool.sks-keyservers.net --send-key '2E17 305E 1F89 3819 B7FF  9F63 C9E2 B560 F008 59EF'

To verify the integrity of this statement:

  wget --quiet --output-document=- https://openpgpkey.froosh.net/Key-Transition-20201106.txt | gpg --verify

Additionally, I highly recommend that you implement a mechanism to keep
your key material up-to-date so that you obtain the latest revocations,
and other updates in a timely manner.

  gpg --refresh-keys

Please let me know if you have any questions, or problems, and sorry
for the inconvenience.

Froosh

0. https://wiki.gnupg.org/WKD
-----BEGIN PGP SIGNATURE-----

iQI5BAEBCgAjFiEECQ0P+70oF2rpdUFLo7sz8dEOAMoFAl+k5m0FgwPCZwAACgkQ
o7sz8dEOAMr7gg//SekY6QXdskY/ssONxJVAlz0UUkCXXsywBnhN4tZv/w1ob3Zk
jypTAyoORYU7k0EAgI/OMfKHrGV7QJROrKGUKC2yHpbzQ/AOm+VJW27LGVPoWSNT
JeurYBp2pVZTUB/ZflD9jF4WBoWsAWB1arhLstIayc7iDBVOyfeoZdV12xNbDMpu
LRKsh284aNFdJh7+fOHhTe1nUYr9o1ON5arj4WiHFkn/xoqOZmX3Sc9tY0HdEXIc
eUXmaZZYoAkg3vYrPhF4WbG0viJGQDktrj77zR2xKR1zZR0T5tQcLakNZwTk6i9I
X7Zpkr+0ucuESkUu0DDymFAHlIIjwc8goBIPjOpXKl73N+5OnVZEVkmm/iQnvc1z
0f3EMWnCseXJ386MCA7kaBgCdk9IOC1LtMLPq+GtG+fS4kkzIy+pKJmdzkImL33k
0zQHhKp3jXdiQfcqTCCJWcJfaBmK8R7xlioEzANLqgQ7MIU+v9RAIdaebhhhkoxx
+PdtJjHjWJBNISEtYMxleDOOnmQi7w1hAgkPhyMeD9kasUgINBu+VtBqu+TvNG20
DLRgznzEzDSzm5H0VrRIQQlENlUwhBMVWCWW5/Cmsk19Ha65/Yk+HMpdgnCf0x6H
P67bWDrxc75FO8gDSklBNR8oVPcYRELmCwJKnGRivH7Vsp30UdmxHp8iYgOIvgQB
EwoAIxYhBE+W6u9B2sRA2EWVdFnYbwRE8ZpRBQJfpOZtBYMDwmcAAAoJEFnYbwRE
8ZpRsUQCCQHrHTIs598VkRwTGU1B6n6MxesihIxzpZRLN4logmkWybP3cEkFwx3F
kS9idLfsGwCV3BGyZSsyMbyGGN35KFNbnAIIxS5N3TrkUjZo7+S0jdgwLs4BLpeZ
GHjzNaVOgekvyq2R1tlNAwCJeZhmVdBahL85pSmHvI7G8zYO/MMeE6cN99A=
=gNrG
-----END PGP SIGNATURE-----

Alternate copies available at Key-Transition-20201106.txt (github.com) or https://openpgpkey.froosh.net/Key-Transition-20201106.txt